I am confuguring a CDH 5.9.0 cluster in AWS with Security Groups (effectively firewalls) separating various classes of nodes, e.g. CM is separate to the cluster nodes and Metastore service and HS2 are in separate Security Groups.
Cirrently CM is unable to retrieve log file entries and I am unable to"Download Full Log" for various services that are outside of the Security Group within which CM is running.
I always thought these were retrieved via CM Agent and that port 7182 into the SG containing CM would be enough, but clearly this is not the case.
If I open all ports into the SG containing the cluster nodes then CM is able to successfully access the log entries for say the DataNode role, so this is definitely a port/firewall issue.
From the information available on the following two URLs I am unable to determine the specific ports I need to open in order to allow CM to access the DataNode role logs:
The issue applies across the board. CM cannot see Role logs for pretty much any service not within its Security Group.
Can someone point out to me which of the ports are used for CMs retrieval of this informaiton, including whether this is the same for all service roles or different for each.
Thanks.
